This is an old revision of the document!

Documentation » Getting Started » Protocols »

Transport Layer Security

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties.1

TLS/SSL Certificates

Much like HTTPS, but unlike SSH, FTPS and WebDAVS servers must provide a public key certificate. This certificate must be signed by a certificate authority.

Advertisement

If it is not, WinSCP will generate a warning stating that the certificate is not valid. Whether or not to trust such certificate is your choice. If you are connecting within a company network, you might feel that all the network users are on the same side and spoofing attacks are unlikely, so you might choose to trust the certificate without checking it. If you are connecting across a hostile network (such as the Internet), you should check with your system administrator, perhaps by telephone or in person.

Learn also how to accept certificate automatically in script.

Supported Cryptographic Protocols and Cipher Suites

WinSCP supports TLS 1.0 - 1.2 and SSL 3.0.

See list of supported cipher suites.

  1. The text is partially copied from Wikipedia article on Transport Layer Security. The text is licensed under GNU Free Documentation License.Back

Last modified: by martin

Documentation

Support

Associations

Follow Us